You are viewing a single comment's thread from:

RE: PSA: How to Avoid MyEtherWallet (And Other) Phishing Scams

in #cryptocurrency7 years ago

I've find one of the most effective ways to avoid phishing attempts is to use a password manager like 1Password. If the domain doesn't exactly line up with what was saved in your password manager then it won't input your password.

I've found a handful of phishing sites lately related to ICOs. They are getting tricky for sure. Each time I reported them to Google. Thanks for spreading the word on that.

Sort:  

That's another good way to screen websites. I've been on the fence about using a password manager... something about having all of my passwords on one place doesn't sit well with me. How long have you been using 1Password?

For many, many years. Since some of the earliest versions, I think.. We require all our team members to use a password manager. It's very strong encryption, fully encrypted at rest. You can only access the passwords when you decrypt it with your one password. Also, via Dropbox, the encrypted password file is always backed up and accessible from anywhere if your computer was to fail. With FoxyCart (my company), computer security is a really big deal because of PCI compliance requirements. In my opinion, a password manager is essential. It prevents password reuse and ensures very strong passwords.

Sure, that's a great way but I won't rely on external service to maintain my passwords. You never know what's happening in the background. That's a risk.
At least for MyEtherWallet using hardware wallets like Trezor etc. which have already integrated with the site could help in all ways. Hardware wallet is the way to go to keep ourselves safe from such scams. At least for cryptos we are safe from phishing if we start using these wallets for transactions.

That's one of the reasons I prefer 1Password over LastPass. It's not an external service. It runs completely on your local device and only the encrypted password file is synced with dropbox (if you configure it that way, which I recommend you do).

And yes, I use my Ledger Nano S with MEW. It's quite nice. I held off on getting a hardware wallet for a long time (mostly used paper wallets), but now that I have one, I really like it.

Great suggestion. Thanks for that information. I will research more on LastPass and if it suites I will start using it as well.
Yes I did the same with paper wallets. Used my old smartphone as a QRcode reader which I kept offline always to read PK from paper wallets. Then create a file and transfer it to my PC for making a transaction.
I recently started using Trezor for online transactions if at all I have to do any. Make me feel safe and secure. I want a backup Hardware wallet but at least Trezor doesn't support importing the private keys (may be for security reasons). Does Ledger Nano S support importing of external private keys by any chance?

No, I was disappointed to find out that it did not. It just has the full backup recovery words and that's it. When I wanted to get my BCC/BCH off my paper wallets, I ended up using Electrum and Electron Cash and while moving stuff to my Ledger.

ICOs don't really have the money to go around and buy all the similar domain names. Never realized password managers would be able to differentiate between URLs that you saved the password for. Is 1Password the best choice for password managers?

I'm not sure there's a best choice among so many different options, but I will say 1Password has been great for me, and I highly recommend it.